RC F'13, F2'17 Cryptogopher / Go cryptography maintainer Professional open source maintainer https://filippo.io / https://github.com/FiloSottile https://mkcert.dev / https://age-encryption.org https://sunlight.dev / https://filippo.io/newsletterhttps://blacksky.community/profile/filippo.abyssdomain.experthttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mko6wxtwok2fCopy Fail? Also looks like memory safety, but is actually complexity. https://xint.io/blog/copy-fail-linux-distributions#how-this-happened-3 I am going to link to this while rejecting changes to Go crypto for years. Anyway, feeling pretty validated in my "ssh in as root, only gVisor or Firecracker are an actual security boundary" approach. [contains quote post or other embedded content]29 Apr 2026 22:54 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mko6wxtwok2fhttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mklctioas224… are fucking kidding me. A github.com cross-account RCE due to the most pedestrian of injection attacks along the obvious exposed surface… and they actually have a globally shared “git” UNIX user!! This is not what taking the role of supply chain stewards seriously looks like. https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-385428 Apr 2026 19:25 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mklctioas224https://blacksky.community/profile/filippo.abyssdomain.expert/post/3mkkmc7ljk22gLooks like GitHub silently corrupted some index. PR #237 definitely exists and is closed (https://github.com/C2SP/C2SP/pull/237) but is just... not in the list (https://github.com/C2SP/C2SP/pulls?q=is%3Apr+is%3Aclosed) regardless of filters. I briefly doubted my own sanity. This is bad.28 Apr 2026 12:42 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mkkmc7ljk22ghttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mkjcgzaums2iDamn, that felt good. [contains quote post or other embedded content]28 Apr 2026 00:13 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mkjcgzaums2ihttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mkjbzbzxh62bA bit over two years after starting to work on it... Go is officially FIPS 140-3 certified 💥 https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5247 I am pretty confident Go is now one of the most—if not the most—seamless and complete FIPS 140-3 compliance solutions... with a single env var, out of the box.28 Apr 2026 00:05 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mkjbzbzxh62bhttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mkaolhmegk2iI think it's important to triage failed predictions and I was wrong about this one. It looks like it's more organizational dysfunction and neglect than the "embrace, extend, extinguish" I was told to be worried about but the acquisition did not work out well for GitHub. https://xcancel.com/FiloSottile/status/1003455011605700608 [contains quote post or other embedded content]24 Apr 2026 13:56 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mkaolhmegk2ihttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mk65ca4vbz2zHow much storage / bandwidth / CPU / memory does it take to run a production Sunlight CT log? Surprisingly little! There's now a public stats page, pulled every 5m from our Tuscolo prod metrics. stats.sunlight.geomys.org Less than 2 cores, 300 MB of memory, ~250 Mbps of bandwidth, 260 GiB of SSD.23 Apr 2026 13:42 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mk65ca4vbz2zhttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mk47b6upec2hHey, if you think you're justified in being an anti-social ass to Why, could you block me? It's ok, no need to discuss it. I'm not looking for a fight and we're not going to converge. I know you think you are justified by that very good reason. Good for you.22 Apr 2026 19:11 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mk47b6upec2hhttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mk46o4b4ee2bNIST is updating SP 800-133, which details the "FIPS approved" ways to generate keys. There's a lot of good news in it, it approves a lot of stuff we were doing, like X-Wing seed derivation and c2sp.org/det-keygen. Here are my comments: https://leaflet.pub/f6fc0b3b-161d-4e35-99cd-e95ad62402a522 Apr 2026 19:01 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mk46o4b4ee2bhttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mjwv6s6kje2zThere are no technical or compliance reasons to double the size of symmetric keys in response to the threat of quantum computers. This common misunderstanding of Grover's algorithm risks wasting limited resources that should go towards deploying actually urgent post-quantum algorithms. https://words.filippo.io/128-bits/20 Apr 2026 16:28 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mjwv6s6kje2zhttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mjslnehbt224It's April 2026, 1 year 8 months since FIPS 204. The IETF TLS WG is busy debating the concept of ML-DSA hybrids, and whether they should be composite, concatenated, or separate. The complexity of hybrid auth is, however, firmly denied. In the distance, sounds of a pure ML-DSA PKI being built.18 Apr 2026 23:26 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mjslnehbt224https://blacksky.community/profile/filippo.abyssdomain.expert/post/3mjpqfq7vz22717 Apr 2026 20:14 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mjpqfq7vz227https://blacksky.community/profile/filippo.abyssdomain.expert/post/3mjmf7irsn226This is awesome! Great to see more full-time positions for open source maintainers funded by commercial retainers framed around sustainability. And uh... looks like Geomys might be undercharging! [contains quote post or other embedded content]16 Apr 2026 12:15 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mjmf7irsn226https://blacksky.community/profile/filippo.abyssdomain.expert/post/3mjkwt2inss2xYES! No more made up severity scores for most CVEs! Every OSS maintainer I know hated those. (It's basically impossible to give a score to the severity of a vulnerability in a widely used library. They can ~all be low or critical, depending on how they are used.) [contains quote post or other embedded content]15 Apr 2026 22:25 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mjkwt2inss2xhttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mjkufwtwps27I had a whole post on "yes, HKDF is FIPS 140-3 compliant, actually" but now NIST just went and added it by name to the list of Approved algorithms with a change comment saying "it was always compliant, yo" (paraphrased), so yay. words.filippo.io/fips-hkdf/15 Apr 2026 21:42 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mjkufwtwps27https://blacksky.community/profile/filippo.abyssdomain.expert/post/3mjklsutb6s2jThere are only two bug classes left: complexity and memory safety. CurveBall (CVE-2020-0601)? Complexity. BigSig (CVE-2021-43527)? Memory safety. Log4Shell (CVE-2021-44228)? Complexity. BlueKeep (CVE-2019-0708)? Memory safety. Heartbleed looks like memory safety, but it's actually complexity. [contains quote post or other embedded content]15 Apr 2026 19:08 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mjklsutb6s2jhttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mjjwpkr3a226I wrote up in the TLS mailing list why I think composite signatures (ML-DSA + ECDSA/RSA) are a net negative, will hurt the ecosystem, and should not be implemented. Hybrid key exchange was simple and self-contained. Hybrid signatures would be a mountain of complexity in delicate, critical code. https://mailarchive.ietf.org/arch/msg/tls/oh3jmmkHzHdp1hk4R4M9QjkmvBk/15 Apr 2026 12:51 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mjjwpkr3a226https://blacksky.community/profile/filippo.abyssdomain.expert/post/3mj7wo6py3s2uProTip: you can have multiple handles in your DID document! For example, you can see I am both @filippo.io and @filippo.abyssdomain.expert. https://pdsls.dev/at://did:plc:x2nsupeeo52oznrmplwapppl#identity @bsky.app uses the first, but also loads profile links for the others. https://bsky.app/profile/filippo.io @tangled.org lets you pick now!11 Apr 2026 13:23 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mj7wo6py3s2uhttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mj6kl5y7vc2gAlright, it's official! 💰 @matthewdgreen.bsky.social and I bet on what will break first, ML-KEM-768 or X25519. The loser donates to a 501(c)(3) picked by the winner. If you have an opinion on quantum computers or lattices, you can join with a side bet. Just submit a PR! https://github.com/FiloSottile/ecc-vs-lattices-long-bet [contains quote post or other embedded content]11 Apr 2026 00:14 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mj6kl5y7vc2ghttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mj5k6m6jxk2x1. The Xteink X4 is so cute 2. It's so cool you can just ask an LLM for a firmware feature 3. To flash the community firmware, you just go to xteink.dve.al and click flash, thanks to WebUSB It's so sad Firefox doesn't implement WebUSB. Better UX *and* better security than downloading an exe. [contains quote post or other embedded content]10 Apr 2026 14:34 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mj5k6m6jxk2xhttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mj5bynjnzk2lCome for the updated graph, stay for the very balanced and reasonable Outlook section, which matches and reinforces my risk assessment: it's unlikely we'll see a CRQC in 2030 but not unlikely enough. So we ship. https://sam-jaques.appspot.com/quantum_landscape_2026 [contains quote post or other embedded content]10 Apr 2026 12:08 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mj5bynjnzk2lhttps://blacksky.community/profile/filippo.abyssdomain.expert/post/3mj3ab2yj2s2kCan we talk about the fact that we can just tell the computer > extract from 2026-04-08-17-15-58.mkv an audio file that is compatible with MacWhisper, ideally losslessly and it just runs ffmpeg for us now??09 Apr 2026 16:31 +0000at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3mj3ab2yj2s2k